Air Force to probe code in development

By John Rendleman

Oct 05, 2007

The Air Force has awarded contracts totaling $10.2 million to three providers of application security analysis and testing software. The awards are part of the service's Application Software Assurance Center of Excellence effort to look for and fix security vulnerabilities in its internally written software.

Fortify Software won the biggest piece of the initiative and will provide the Air Force with more than $7 million in software. The Air Force will buy and use three Fortify software packages, each designed to look for a specific class of security vulnerabilities during the software development process when flaws are most likely to occur and are the easiest to fix.

The three Fortify products are its Source Code Analysis software, used early in development to detect and correct security weaknesses in source code; its Defender software, used to analyze Web applications and applications programming interfaces; and its Tracer security testing software that finds hard-to-detect weaknesses in finished or nearly finished software or corroborates results from other security tests.

Other vendors that will participate in the program are IBM's Watchfire subsidiary and Application Security.